Discover Government News

   openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:2012-1
Rating:             important
References:         #1178923 
Cross-References:   CVE-2019-8075 CVE-2020-16012 CVE-2020-16014
                    CVE-2020-16015 CVE-2020-16018 CVE-2020-16019
                    CVE-2020-16020 CVE-2020-16021 CVE-2020-16022
                    CVE-2020-16023 CVE-2020-16024 CVE-2020-16025
                    CVE-2020-16026 CVE-2020-16027 CVE-2020-16028
                    CVE-2020-16029 CVE-2020-16030 CVE-2020-16031
                    CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
                    CVE-2020-16035 CVE-2020-16036
Affected Products:
                    openSUSE Backports SLE-15-SP2
______________________________________________________________________________

   An update that fixes 23 vulnerabilities is now available.

Description:

   This update for chromium fixes the following issues:

   - Update to 87.0.4280.66 (boo#1178923)
     - Wayland support by default
     - CVE-2020-16018: Use after free in payments.
     - CVE-2020-16019: Inappropriate implementation in filesystem.
     - CVE-2020-16020: Inappropriate implementation in cryptohome.
     - CVE-2020-16021: Race in ImageBurner.
     - CVE-2020-16022: Insufficient policy enforcement in networking.
     - CVE-2020-16015: Insufficient data validation in WASM. R
     - CVE-2020-16014: Use after free in PPAPI.
     - CVE-2020-16023: Use after free in WebCodecs.
     - CVE-2020-16024: Heap buffer overflow in UI.
     - CVE-2020-16025: Heap buffer overflow in clipboard.
     - CVE-2020-16026: Use after free in WebRTC.
     - CVE-2020-16027: Insufficient policy enforcement in developer tools. R
     - CVE-2020-16028: Heap buffer overflow in WebRTC.
     - CVE-2020-16029: Inappropriate implementation in PDFium.
     - CVE-2020-16030: Insufficient data validation in Blink.
     - CVE-2019-8075: Insufficient data validation in Flash.
     - CVE-2020-16031: Incorrect security UI in tab preview.
     - CVE-2020-16032: Incorrect security UI in sharing.
     - CVE-2020-16033: Incorrect security UI in WebUSB.
     - CVE-2020-16034: Inappropriate implementation in WebRTC.
     - CVE-2020-16035: Insufficient data validation in cros-disks.
     - CVE-2020-16012: Side-channel information leakage in graphics.
     - CVE-2020-16036: Inappropriate implementation in cookies.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP2:

      zypper in -t patch openSUSE-2020-2012=1



Package List:

   - openSUSE Backports SLE-15-SP2 (aarch64 x86_64):

      chromedriver-87.0.4280.66-bp152.2.32.1
      chromium-87.0.4280.66-bp152.2.32.1


References:

   https://www.suse.com/security/cve/CVE-2019-8075.html
   https://www.suse.com/security/cve/CVE-2020-16012.html
   https://www.suse.com/security/cve/CVE-2020-16014.html
   https://www.suse.com/security/cve/CVE-2020-16015.html
   https://www.suse.com/security/cve/CVE-2020-16018.html
   https://www.suse.com/security/cve/CVE-2020-16019.html
   https://www.suse.com/security/cve/CVE-2020-16020.html
   https://www.suse.com/security/cve/CVE-2020-16021.html
   https://www.suse.com/security/cve/CVE-2020-16022.html
   https://www.suse.com/security/cve/CVE-2020-16023.html
   https://www.suse.com/security/cve/CVE-2020-16024.html
   https://www.suse.com/security/cve/CVE-2020-16025.html
   https://www.suse.com/security/cve/CVE-2020-16026.html
   https://www.suse.com/security/cve/CVE-2020-16027.html
   https://www.suse.com/security/cve/CVE-2020-16028.html
   https://www.suse.com/security/cve/CVE-2020-16029.html
   https://www.suse.com/security/cve/CVE-2020-16030.html
   https://www.suse.com/security/cve/CVE-2020-16031.html
   https://www.suse.com/security/cve/CVE-2020-16032.html
   https://www.suse.com/security/cve/CVE-2020-16033.html
   https://www.suse.com/security/cve/CVE-2020-16034.html
   https://www.suse.com/security/cve/CVE-2020-16035.html
   https://www.suse.com/security/cve/CVE-2020-16036.html
   https://bugzilla.suse.com/1178923
_______________________________________________
openSUSE Security Announce mailing list -- security-announce@lists.opensuse.org
To unsubscribe, email security-announce-leave@lists.opensuse.org
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/

openSUSE: 2020:2012-1 important: chromium

November 25, 2020
An update that fixes 23 vulnerabilities is now available.

An update that fixes 23 vulnerabilities is now available.

Description

This update for chromium fixes the following issues: - Update to 87.0.4280.66 (boo#1178923) - Wayland support by default - CVE-2020-16018: Use after free in payments. - CVE-2020-16019: Inappropriate implementation in filesystem. - CVE-2020-16020: Inappropriate implementation in cryptohome. - CVE-2020-16021: Race in ImageBurner. - CVE-2020-16022: Insufficient policy enforcement in networking. - CVE-2020-16015: Insufficient data validation in WASM. R - CVE-2020-16014: Use after free in PPAPI. - CVE-2020-16023: Use after free in WebCodecs. - CVE-2020-16024: Heap buffer overflow in UI. - CVE-2020-16025: Heap buffer overflow in clipboard. - CVE-2020-16026: Use after free in WebRTC. - CVE-2020-16027: Insufficient policy enforcement in developer tools. R - CVE-2020-16028: Heap buffer overflow in WebRTC. - CVE-2020-16029: Inappropriate implementation in PDFium. - CVE-2020-16030: Insufficient data validation in Blink. - CVE-2019-8075: Insufficient data validation in Flash. - CVE-2020-16031: Incorrect security UI in tab preview. - CVE-2020-16032: Incorrect security UI in sharing. - CVE-2020-16033: Incorrect security UI in WebUSB. - CVE-2020-16034: Inappropriate implementation in WebRTC. - CVE-2020-16035: Insufficient data validation in cros-disks. - CVE-2020-16012: Side-channel information leakage in graphics. - CVE-2020-16036: Inappropriate implementation in cookies.

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2020-2012=1


Package List

- openSUSE Backports SLE-15-SP2 (aarch64 x86_64): chromedriver-87.0.4280.66-bp152.2.32.1 chromium-87.0.4280.66-bp152.2.32.1


References

https://www.suse.com/security/cve/CVE-2019-8075.html https://www.suse.com/security/cve/CVE-2020-16012.html https://www.suse.com/security/cve/CVE-2020-16014.html https://www.suse.com/security/cve/CVE-2020-16015.html https://www.suse.com/security/cve/CVE-2020-16018.html https://www.suse.com/security/cve/CVE-2020-16019.html https://www.suse.com/security/cve/CVE-2020-16020.html https://www.suse.com/security/cve/CVE-2020-16021.html https://www.suse.com/security/cve/CVE-2020-16022.html https://www.suse.com/security/cve/CVE-2020-16023.html https://www.suse.com/security/cve/CVE-2020-16024.html https://www.suse.com/security/cve/CVE-2020-16025.html https://www.suse.com/security/cve/CVE-2020-16026.html https://www.suse.com/security/cve/CVE-2020-16027.html https://www.suse.com/security/cve/CVE-2020-16028.html https://www.suse.com/security/cve/CVE-2020-16029.html https://www.suse.com/security/cve/CVE-2020-16030.html https://www.suse.com/security/cve/CVE-2020-16031.html https://www.suse.com/security/cve/CVE-2020-16032.html https://www.suse.com/security/cve/CVE-2020-16033.html https://www.suse.com/security/cve/CVE-2020-16034.html https://www.suse.com/security/cve/CVE-2020-16035.html https://www.suse.com/security/cve/CVE-2020-16036.html https://bugzilla.suse.com/1178923 openSUSE Security Announce mailing list -- security-announce@lists.opensuse.org To unsubscribe, email security-announce-leave@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/


Severity
Announcement ID: openSUSE-SU-2020:2012-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP2

Related News